Wednesday, February 24, 2010

VPN Headaches...

Started a new job, had to get the VPN set up before one of the 2010 snow storms hit. No problem. Brought the CD with the Cisco client (latest) and the PCF file for work. My router didn't have VPN (my bad, didn't need it when I last updated DD-WRT) so I pulled the latest VPN build for DD-WRT and made sure things were enabled. The Cisco VPN client installed fine and the import went flawlessly.

Then the problems began. I couldn't authenticate. Each step of the process would be a nightmare, taking up to 2 minutes to get from step to step when it should be instant. Then authentication would fail with this wonderfully helpful message:

Secure VPN Connection terminated by Peer. Reason 433: (Reason Not Specified by Peer)

Since half of my company was now having this problem, we started chasing it down. Only people who installed from the CD had the problem. The PCFs in use were identical in content.

My coworker started tracing what the client did. Interestingly, Cisco's VPN client reads and writes each of the profiles in your \VPN Client\Profiles directory on every action. No, that's not an error. Each time you start up, establish a connection, etc., the client reads and writes each PCF file.

When I imported the PCF from the CD it landed on my WinXP box as a read-only file. The delay I was experiencing was the client timing out on its request for an exclusive lock on the PCF file. I made the file writable and everything worked as expected.
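
A check for the failure described above, as an added example (not from the original post and not Cisco's code): it lists the .pcf files in a profiles directory whose write bit is cleared and, with --fix, makes them writable. The function names, the script name and the --fix flag are assumptions for illustration; run with no argument it uses a constructed sample directory.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path


def readonly_profiles(profiles_dir):
    """Return the .pcf files in profiles_dir whose write bit is cleared."""
    found = []
    for path in sorted(Path(profiles_dir).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".pcf":
            continue
        # On Windows the S_IWRITE bit of st_mode mirrors the read-only
        # attribute; on POSIX it is the owner write permission.
        if not path.stat().st_mode & stat.S_IWRITE:
            found.append(path)
    return found


def make_writable(paths):
    """Set the write bit on each path, leaving the other mode bits alone."""
    for path in paths:
        os.chmod(path, path.stat().st_mode | stat.S_IWRITE)


def check_profiles(profiles_dir, fix=False):
    """Return names of read-only profiles; clear the flag when fix=True."""
    read_only = readonly_profiles(profiles_dir)
    if fix:
        make_writable(read_only)
    return [path.name for path in read_only]


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_pcf.py <Profiles dir> [--fix]
    args = [a for a in sys.argv[1:] if a != "--fix"]
    with tempfile.TemporaryDirectory() as demo:
        if not args:
            sample = Path(demo, "work.pcf")  # constructed sample profile
            sample.write_text("")
            os.chmod(sample, stat.S_IREAD)   # as if copied from a CD
        target = args[0] if args else demo
        names = check_profiles(target, fix="--fix" in sys.argv[1:])
        print("read-only profiles:", names)
        make_writable(readonly_profiles(demo))  # let the temp dir clean up
```
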
